Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Jan. 29, 2025, 2:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
391	9.8	緊急 Network	Pos Tahsil	Online Payment System	Pos Tahsil の Online Payment System における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2023-7081	2025-01-24 17:13	2023-12-22	Show	GitHub Exploit DB Packet Storm

392	5.5	警告 Local	Linux	Linux Kernel	Linux の Linux Kernel における NULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2024-57944	2025-01-24 17:03	2024-12-7	Show	GitHub Exploit DB Packet Storm

393	7.5	重要 Network		-	アップルの macOS における脆弱性	CWE-22 CWE-noinfo	CVE-2024-44195	2025-01-24 17:01	2024-10-28	Show	GitHub Exploit DB Packet Storm

394	9.8	緊急 Network	HGiga	OAKlouds-organization-2.0 OAKlouds-organization-3.0 OAKlouds-webbase-3.0 OAKlouds-webbase-2.0	複数の HGiga 製品における OS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2024-26260	2025-01-24 16:44	2024-02-15	Show	GitHub Exploit DB Packet Storm

395	7.3	重要 Local	レッドハット Stichting NLnet Labs	Red Hat Enterprise Linux Server TUS Red Hat Enterprise Linux for Power little endian - Extended Update Support	Fedora Project の unbound 等複数ベンダの製品における不適切なデフォルトパーミッションに関する脆弱性	CWE-15 CWE-276	CVE-2024-1488	2025-01-24 16:33	2024-02-15	Show	GitHub Exploit DB Packet Storm

396	7.8	重要 Local	Ivanti	Ivanti Performance Manager	Ivanti の Ivanti Performance Manager における不適切なデフォルトパーミッションに関する脆弱性	CWE-276 CWE-276	CVE-2024-11597	2025-01-24 16:24	2024-12-11	Show	GitHub Exploit DB Packet Storm

397	5.3	警告 Network	Fatcat Apps	Landing Page Cat - Coming Soon Page Maintenance Page & Squeeze Pages	Fatcat Apps の WordPress 用 Landing Page Cat - Coming Soon Page, Maintenance Page & Squeeze Pages における脆弱性	CWE-noinfo 情報不足	CVE-2024-0708	2025-01-24 16:18	2024-02-15	Show	GitHub Exploit DB Packet Storm

398	9.8	緊急 Network	INPRAX	iZZi connect	INPRAX の Android 用 iZZi connect におけるハードコードされた認証情報の使用に関する脆弱性	CWE-798 CWE-798	CVE-2024-0390	2025-01-24 16:06	2024-02-15	Show	GitHub Exploit DB Packet Storm

399	5.5	警告 Local	Linux	Linux Kernel	Linux の Linux Kernel における NULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2025-21658	2025-01-24 16:06	2025-01-6	Show	GitHub Exploit DB Packet Storm

400	7.8	重要 Local	フォーティネット	FortiClient	フォーティネットの macOS 用 FortiClient における脆弱性	CWE-73 CWE-Other	CVE-2024-31492	2025-01-24 16:04	2024-04-9	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Jan. 29, 2025, 4:09 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
741	-	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin khan WP Front-end login and register allows Reflected XSS. This issue affects WP Front-end…	CWE-79 Cross-site Scripting	CVE-2025-23540	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

742	-	-	-	Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Media Library Mime Type allows Stored XSS. This issue affects Rocket Media Library Mime Type: from n/a through 2.1.0.	CWE-352 Origin Validation Error	CVE-2025-22768	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

743	-	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tarak Patel WP Query Creator allows Reflected XSS. This issue affects WP Query Creator: from n/a …	CWE-79 Cross-site Scripting	CVE-2025-22264	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

744	-	-	-	It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authenticatio…	CWE-287 Improper Authentication	CVE-2025-0637	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

745	-	-	-	SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server.	-	CVE-2024-55971	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

746	-	-	-	ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.	-	CVE-2024-52325	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

747	-	-	-	The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles whil…	-	CVE-2024-10846	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

748	-	-	-	A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins.	-	CVE-2025-24403	2025-01-24 01:15	2025-01-23	Show	GitHub Exploit DB Packet Storm

749	-	-	-	A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs o…	-	CVE-2025-24402	2025-01-24 01:15	2025-01-23	Show	GitHub Exploit DB Packet Storm

750	-	-	-	Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (t…	-	CVE-2025-24401	2025-01-24 01:15	2025-01-23	Show	GitHub Exploit DB Packet Storm